The challenge I'm facing is that I've set up a small farm for a client and the solution consists of three web applications (mainly for scalability). What I primarily want to achieve is single sign-on (for authenticating users accessing the site) between the web applications, using FBA. I haven't found a single source indicating that merely using forms login is the way to achieve SSO in SP 2010. Rather, everything points to using an STS.

We might end up using ADFS 2, but for now I've built a custom IP-STS, based on Starter STS. The problems that have arisen are related to establishing trust between SharePoint and the STS. Of course I've configured an SPTrustedIdentityTokenIssuer with the proper certs and so on. As far as I can tell, I get redirected to the STS login form, get authenticated properly and get redirected back to the calling RP.

What happens next is that if I have multiple RPs configured (that is, one default realm and one provider realm) in the token issuer, upon redirection back to the calling RP the browser is stuck in an endless redirection loop. I've tried to use Fiddler to determine the "endpoints" of the loop and it seems to be a chain consisting of /_trust, _layouts/authenticate.aspx and /_trust/default. It's worth noting that authenticate.aspx seems